Hidden malware

Kaspersky says that the scam looks to take advantage of online shoppers looking to save on price and weight by purchasing online versions of textbooks.

The company found that by July 2019, 356,662 attacks were carried out using this method, with 53,531 malicious or potentially unwanted files disguised as ready-to-use essays and textbooks for schools and universities.

Of these, 17,755 threats were disguised as student books, with the most popular choices being English (2,080), maths (1,213) and literature (870) textbooks.

However the vast majority of threats hiding under these disguises were downloaders of various files: from annoying, yet not fatal adware or unrequested software, to highly dangerous money-stealing malware.

“Students attempting to avoid paying for textbooks and other educational materials is creates an opportunity for cybercriminals that they simply cannot resist," said Maria Fedorova, security researcher at Kaspersky.

"This turns into are a serious problem for educational entities, as once the infection gets on a school network computer, it can easily spread. Not all schools are prepared to carry out effective incident response, as educational organizations are considered to be an a-typical target for fraudsters, but threat actors use every opportunity they can get. This is why precautionary measures are vital for such organisations."

To stay protected from these threats, Kaspersky is recommending users not open suspicous email attachments, and only buy books or other resources from trusted online stores.